I am aware of the requirement of an IV to be unique in CTR mode (Why must IV/key-pairs not be reused in CTR mode?). However I wonder if I can use an IV depending on the plaintext deterministically. ...

The embedded device is a low-power 8-bit microcontroller (memory usage is constrained to about 10kb code, 1kb ram). As the device is battery-powered and manual service should be minimal, more powerful ...

The usual implementation of AES first computes all the Round Keys sequentially starting from the key, and stores them in RAM for later use. However, when enciphering a single block with a key that ...

There is a very similar question (Using a derived key for CMAC) but it doesn't quite answer this one (at least for me it does not).
I have a situation where I need to transfer some data. My data has ...

I want to modify and customize AES encryption algorithm and develop a variant of it. What factors should I consider so that it does not become weaker? What skill sets would be required to undertake ...

In the paper "A Compact Rijndael Hardware Architecture with S-Box Optimization" (http://link.springer.com/chapter/10.1007%2F3-540-45682-1_15) at page 6, figure 3, I think they constructed an LFSR for ...

I'm currently reversing an AES implementation for disk encryption. The odd thing I stumbled upon is a key schedule where the encryption round keys are not the same as the decryption round keys (in ...

I am using Java to write AES-256 to encrypt various files with different extensions. The problem is, where am I supposed to store the file extension so that if the data is decrypted, the file extension ...

I have to encrypt big files. Say their size ranges from 500mb to several gigabytes.
I would like to use AES/GCM/NoPadding as provided by Java 1.8 since that gives me automatic authentication and ...

Propose a symmetric key based crypto-system for implementing a secure email system. This system is based on AES and CCA secure.
Suppose that you have to encrypt a large message and that this message ...

Okay, so I have two options for how I would derive two keys for AES encryption and HMAC; they are as follows:
Run BCrypt on a user's passphrase and then use the Bouncy Castle implementation of HKDF in ...

Suppose AES-$128$. There are $4$ operations in AES's encryption, they are SubByte, Shift Row, MixColumns and AddRoundKey.
Question: If I remove one of the following operations, what will happen to ...

Suppose that the key generation is insecure; each key bit is independently generated, but the value of each key bit is '$1$' with probability $0.90$. These keys are used in AES. What is an efficient ...

I have a function that derives two sub-keys from one passphrase using PBKDF2, one of which is used as an encryption key and the other for HMAC generation; because these two sub-keys will need to be regenerated ...

In this scheme, a 256-bit key is split into two 128-bit sub-keys. Message blocks are 256 bits and are also split into two sub-blocks. Before encryption, each sub-block is xor'd with its partner and ...

I have an encryption service in which the user decides the length and the type of key, so I would like to build a tool that educates the user on the brute force times for the key they created if using ...

The OCB mode of authenticated encryption (used for example with AES) is the fastest way to provide authenticity and confidentiality without having to strive into questions like: Encrypt then MAC, MAC ...

I have just started learning cryptography and I am trying to make sense of the direct sum on some binary numbers.
I am trying to find a column of a state space after a MixColumns operation has been ...

Is the parity of the permutation of the set $\{0,1\}^{128}$, defined by AES encryption for a certain fixed key, dependent on this key?
DES, and any pure Feistel cipher, has even parity for any key. ...

I was using a SOCKS5 proxy today (tunneled through SSH) and I began to wonder what the effect of encrypting twice (TLS over encrypted SOCKS5 in this case) would have on the security of the transmitted ...

I'm using AES128-CTR for generating pseudo-random values, which is considered secure for up to 1MB (at least from what I've read).
I simply encrypt a 128-bit little-endian counter, starting from 0.
...